[jboss-jira] [JBoss JIRA] Created: (SECURITY-63) JACC: Security Constraint missing an auth-constraint needs an unchecked permission
Anil Saldhana (JIRA)
jira-events at lists.jboss.org
Wed Jun 13 16:10:17 EDT 2007
JACC: Security Constraint missing an auth-constraint needs an unchecked permission
----------------------------------------------------------------------------------
Key: SECURITY-63
URL: http://jira.jboss.com/jira/browse/SECURITY-63
Project: JBoss Security and Identity Management
Issue Type: Task
Security Level: Public (Everyone can see)
Components: AS-Integration
Affects Versions: 2.0.GA
Reporter: Anil Saldhana
Assigned To: Anil Saldhana
Fix For: 2.0.1.BETA
Given a snippet
<security-constraint>
<web-resource-collection>
<web-resource-name>MyBit4</web-resource-name>
<url-pattern>/unchecked.jsp</url-pattern>
<http-method>POST</http-method>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
This requires an unchecked permission added to the policy as follows:
WebResourcePermission("/unchecked.jsp", (String) null))
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list